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When considering distributed systems, it is a central issue how to deal with interactions between 
components. In this paper, we investigate the paradigms of synchronous and asynchronous interac- 
tion in the context of distributed systems. We investigate to what extent or under which conditions 
synchronous interaction is a valid concept for specification and implementation of such systems. We 
choose Petri nets as our system model and consider different notions of distribution by associating 
locations to elements of nets. First, we investigate the concept of simultaneity which is inherent 
in the semantics of Petri nets when transitions have multiple input places. We assume that tokens 
may only be taken instantaneously by transitions on the same location. We exhibit a hierarchy of 
'asynchronous' Petri net classes by different assumptions on possible distributions. Alternatively, we 
assume that the synchronisations specified in a Petri net are crucial system properties. Hence transi- 
tions and their preplaces may no longer placed on separate locations. We then answer the question 
which systems may be implemented in a distributed way without restricting concurrency, assum- 
ing that locations are inherently sequential. It turns out that in both settings we find semi-structural 
properties of Petri nets describing exactly the problematic situations for interactions in distributed 
systems. 



1 Introduction 

In this paper, we address interaction patterns in distributed systems. By a distributed system we under- 
stand here a system which is executed on spatially distributed locations, which do not share a common 
clock (for performance reasons for example). We want to investigate to what extent or under which con- 
ditions synchronous interaction is a valid concept for specification and implementation of such systems. 
It is for example a well-known fact that synchronous communication can be simulated by asynchronous 
communication using suitable protocols. However, the question is whether and under which circum- 
stances these protocols fully retain the original behaviour of a system. What we are interested in here are 
precise descriptions of what behaviours can possibly be preserved and which cannot. 

The topic considered here is by no means a new one. We give a short overview on related approaches in 
the following. 

Already in the 80th, Luc Bouge considered a similar problem in the context of distributed algorithms. 
In (51 he considers the problem of implementing symmetric leader election in the sublanguages of CSP 
obtained by allowing different forms of communication, combining input and output guards in guarded 
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choice in different ways. He finds that the possibility of implementing leader election depends heavily 
on the structure of the communication graphs. Truly symmetric schemes are only possible in CSP with 
arbitrary input and output guards in choices. 

Synchronous interaction is a basic concept in many languages for system specification and design, e.g. 
in statechart-based approaches, in process algebras or the 7r-calculus. For process algebras and the ir- 
calculus, language hierarchies have been established which exhibit the expressive power of different 
forms of synchronous and asynchronous interaction. In [4] Frank de Boer and Catuscia Palamidessi 
consider various dialects of CSP with differing degrees of asynchrony. Similar work is done for the ir- 
calculus in lfl5l by Catuscia Palamidessi, in lfl3ll by Uwe Nestmann and in (H by Dianele Gorla. A rich 
hierarchy of asynchronous 7r-calculi has been mapped out in these papers. Again mixed-choice, i.e. the 
ability to combine input and output guards in a single choice, plays a central role in the implementation 
of truly synchronous behaviour. 

In ifTTl . Peter Selinger considers labelled transition systems whose visible actions are partitioned into 
input and output actions. He defines asynchronous implementations of such a system by composing it 
with in- and output queues, and then characterises the systems that are behaviourally equivalent to their 
asynchronous implementations. The main difference with our approach is that we focus on asynchrony 
within a system, whereas Selinger focusses on the asynchronous nature of the communications of a 
system with the outside world. 

Also in hardware design it is an intriguing quest to use interaction mechanisms which do not rely on a 
global clock, in order to gain performance. Here the simulation of synchrony by asynchrony can be a 
crucial issue, see for instance [ 10] and IfTTl . 

In contrast to the approaches based on language constructs like the work on CSP or the 7r-calculus, we 
choose here a very basic system model for our investigations, namely Petri nets. The main reason for this 
choice is the detailed way in which a Petri net represents a concurrent system, including the interaction 
between the components it may consist of. In an interleaving based model of concurrency such as 
labelled transition systems modulo bisimulation semantics, a system representation as such cannot be 
said to contain synchronous or asynchronous interaction; at best these are properties of composition 
operators, or communication primitives, defined in terms of such a model. A Petri net on the other 
hand displays enough detail of a concurrent system to make the presence of synchronous communication 
discernible. This makes it possible to study synchronous and asynchronous interaction without digressing 
to the realm of composition operators. 

Also in Petri net theory, the topic which concerns us here has already been tackled. It has been inves- 
tigated in [9] and [18] whether and how a Petri net can be implemented in a distributed way. We will 
comment on these and other related papers in the area of Petri net theory in the conclusion. 

In a Petri net, a transition interacts with its preplaces by consuming tokens. In Petri net semantics, taking 
a token is usually considered as an instantaneous action, hence a synchronous interaction between a 
transition and its preplace. In particular when a transition has several preplaces this becomes a crucial 
issue. In this paper we investigate what happens if we consider a Petri net as a specification of a system 
that is to be implemented in a distributed way. For this we introduce locations on which all elements of 
a Petri net have to be placed upon. The basic assumption is that interaction between remote components 
takes time. In our framework this means that the removal of a token will be considered instantaneous 
only if the removing transition and the place where the token is removed from are co-located. Our 
investigations are now twofold. 

In Section [3] of this paper, we consider under which circumstances the synchronous interaction between 
a transition and its preplace may be mimicked asynchronously, thus allowing to put places and their 
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posttransitions on different locations. Following [6], we model the asynchronous interaction between 
transitions and their preplaces by inserting silent (unobservable) transitions between them. We investi- 
gate the effect of this transformation by comparing the behaviours of nets before and after insertion of 
the silent transitions using a suitable equivalence notion. We believe that most of our results are inde- 
pendent of the precise choice of this equivalence. However, as explained in Section [51 it has to preserve 
causality, branching time and divergence to some small extent, and needs to abstract from silent transi- 
tions. Therefore we choose one such equivalence, based on its technical convenience in establishing our 
results. Our choice is step readiness equivalence. It is a variant of the readiness equivalence of 1141 . 
obtained by collecting the set of steps of multiple actions possible after a certain sequence of actions, 
instead of just the set of possible actions. We call a net asynchronous if, for a suitable placement of 
its places and transitions, the above-mentioned transformation replacing synchronous by asynchronous 
interaction preserves step readiness equivalence. Depending on the allowed placements, we obtain a hi- 
erarchy of classes of asynchronous nets: fully asynchronous nets, symmetrically asynchronous nets and 
asymmetrically asynchronous nets. We give semi-structural properties that characterise precisely when 
a net falls into one of these classes. This puts the results from (6l in a uniform framework and extends 
them by introducing a simpler notion of asymmetric asynchrony. 

In Sections [4] and [5j we pursue an alternative approach. We assume that the synchronisations specified in 
a Petri net are crucial system properties. Hence we enforce co-locality between a transition and all its 
preplaces while at the same time assuming that concurrent activity is not possible at a single location. We 
call nets fulfilling these requirement distributed and investigate which behaviours can be implemented 
by distributed nets. Again we compare the behaviours up to step readiness equivalence. We call a net 
distributable iff its behaviour can be equivalently produced by a distributed net. We give a behavioural 
and a semi-structural characterisation of a class of non-distributable nets, thereby exhibiting behaviours 
which cannot be implemented in a distributed way at all. Finally, we give a lower bound of distributability 
by providing a concrete distributed implementation for a wide range of nets. 

An extended abstract of this paper will appear in the proceedings of the 33rd International Symposium 
on Mathematical Foundations of Computer Science (MFCS 2008), Toruh, Poland, August 2008 (E. 
Ochmahski & J. Tyszkiewicz, eds.), LNCS 5162, Springer, 2008, pp. 16-35. 

2 Basic Notions 

We consider here 1-safe net systems, i.e. places never carry more than one token, but a transition can fire 
even if pre- and postset intersect. 

Definition 1 Let Act be a set of visible actions and r £ Act be an invisible action. 
A labelled net (over Act) is a tuple N = (S,T,F, M ,£) where 

— S is a set (of places), 

— T is a set (of transitions), 

— F C S xTUT x S (the flow relation), 

— Mq C S (the initial marking) and 

— I : T — > Act U {t} (the labelling function). 

Petri nets are depicted by drawing the places as circles, the transitions as boxes containing the respective 
label, and the flow relation as arrows (arcs) between them. When a Petri net represents a concurrent 
system, a global state of such a system is given as a marking, a set of places, the initial state being Mq. 
A marking is depicted by placing a dot (token) in each of its places. The dynamic behaviour of the 
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represented system is defined by describing the possible moves between markings. A marking M may 
evolve into a marking M' when a nonempty set of transitions G fires. In that case, for each arc (s, t) G F 
leading to a transition t in G, a token moves along that arc from s to t. Naturally, this can happen only if 
all these tokens are available in M in the first place. These tokens are consumed by the firing, but also 
new tokens are created, namely one for every outgoing arc of a transition in G. These end up in the places 
at the end of those arcs. A problem occurs when as a result of firing G multiple tokens end up in the same 
place. In that case M' would not be a marking as defined above. In this paper we restrict attention to 
nets in which this never happens. Such nets are called 1-safe. Unfortunately, in order to formally define 
this class of nets, we first need to correctly define the firing rule without assuming 1 -safety. Below we do 
this by forbidding the firing of sets of transitions when this might put multiple tokens in the same place. 

Definition 2 Let N = (S, T, F, M ,£) be a labelled net. Let M x , M 2 C S. 

We denote the preset and postset of a net element x G S U T by *x := {y \ (y,x) G F} and 
x' := {y j (x,y) G F} respectively. These functions are extended to sets in the usual manner, i.e. 
•X := {y | y G 'x, x G X}. 

A nonempty set of transitions / G C T, is called a step from M\ to M 2 , notation Mi [G] n M 2 , if 

— all transitions contained in G are enabled, that is 

Vt G G. "t C Mi A (Mi \ *t) n f = , 

— all transitions of G are independent, that is not conflicting: 

Vt,ueG,t^u.*tn*u = ®Afnu* = ®, 

— in M2 all tokens have been removed from the preplaces of G and new tokens have been inserted 
at the postplaces of G: 

M 2 = (Mi \ *G) U G* . 

To simplify statements about possible behaviours of nets, we use some abbreviations. 

Definition 3 Let N = (S, T, F, M , 1) be a labelled net. 

We extend the labelling function I to (multi)sets elementwise. 

— >n C 0>(5) x IN Act x ?(S) is given by M x M 2 & 3 G C T. M x [G) N M 2 A A = 1(G) 



>n C 9(S) x 9(S) is defined by Mi — -* N M 2 3t G T. £(t) = t A M 1 [{t}) N M 2 

> N 



C 0>(5) x Act* x 9(5) is defined by M x aia2 ^ Qn > jy M 2 o 



T * {ai} T * {a2} T * T * {««} T * , , 

-Ml > N >N >N y N >N ' " " y N y N >N M 2 

where — denotes the reflexive and transitive closure of — t -^n- 

We write M 1 ^ N for 3M 2 . Ml -^ n M 2 ,M 1 -^ n for $M 2 . M 1 -^ N M 2 and similar for the 
other two relations. Likewise Ml[G) n abbreviates 3M 2 . Mi[G) atM 2 . 

A marking Mi is said to be reachable iff there is a a G Act* such that Mo ==>n Mi. The set of all 
reachable markings is denoted by [Mo) n- 

We omit the subscript N if clear from context. 

As said before, here we only want to consider 1-safe nets. Formally, we restrict ourselves to contact-free 
nets, where in every reachable marking Mi G [M ) for all t G T with *t C Mi 

(Mi \ •<) n f = . 
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For such nets, in Definition [2] we can just as well consider a transition t to be enabled in M iff 't C M, 
and two transitions to be independent when *t n *u = 0. 

In this paper we furthermore restrict attention to nets for which *t ^ and °t and t* are finite for all 
t G T and s* is finite for all s S 5. We also require the initial marking Mq to be finite. A consequence 
of these restrictions is that all reachable markings are finite, and it can never happen that infinitely many 
independent transitions are enabled. Henceforth, with net we mean a labelled net obeying the above 
restrictions. 

In our nets transitions are labelled with actions drawn from a set Act U {r}. This makes it possible to 
see these nets as models of reactive systems, that interact with their environment. A transition t can be 
thought of as the occurrence of the action £(t). If £(t) € Act, this occurrence can be observed and influ- 
enced by the environment, but if £{t) =r, t is an internal or silent transition whose occurrence cannot be 
observed or influenced by the environment. Two transitions whose occurrences cannot be distinguished 
by the environment are equipped with the same label. In particular, given that the environment cannot 
observe the occurrence of internal transitions at all, all of them have the same label, namely r. 

We use the term plain nets for nets where £ is injective and no transition has the label r, i.e. essentially 
unlabelled nets. Similarly, we speak of plain r-nets to describe nets where £(t) = £{u) ^ r =>■ t = u, 
i.e. nets where every observable action is produced by a unique transition. In this paper we focus on 
plain nets, and give semi-structural characterisations of classes of plain nets only. However, in defining 
whether a net belongs to one of those classes, we study its implementations, which typically are plain 
T-nets. When proving our impossibility result (Theorem [3] in Section [5]) we even allow arbitrary nets as 
implementations . 

We use the following variation of readiness semantics fPfll to compare the behaviour of nets. 

Definition 4 Let N = (S, T, F, M ,£) be a net, a G Act* and X C IN Act . 

<cj, X> is a step ready pair of N iff 

3M. M ^MAM^AI = {AG IN Act | M -^}. 
We write M{N) for the set of all step ready pairs of N . 

Two nets ./V and N' are step readiness equivalent, N Ftgg N', iff &(N) = M(N'). 

The elements of a set X as above are multisets of actions, but as in all such multisets that will be 
mentioned in this paper the multiplicity of each action occurrence is at most 1, we use set notation to 
denote them. 

3 Asynchronous Petri Net Classes 

In Petri nets, an inherent concept of simultaneity is built in, since when a transition has more than one 
preplace, it can be crucial that tokens are removed instantaneously. When using a Petri net to model a 
system which is intended to be implemented in a distributed way, this built-in concept of synchronous 
interaction may be problematic. 

In this paper, a given net is regarded as a specification of how a system should behave, and this specifi- 
cation involves complete synchronisation of the firing of a transition and the removal of all tokens from 
its preplaces. In this section, we propose various definitions of an asynchronous implementation of a net 
N, in which such synchronous interaction is wholly or partially ruled out and replaced by asynchronous 
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interaction. The question to be clarified is whether such an asynchronous implementation faithfully mim- 
ics the dynamic behaviour of N. If this is the case, we call the net N asynchronous with respect to the 
chosen interaction pattern. 

The above programme, and thus the resulting concept of asynchrony, is parametrised by the answers to 
three questions: 

1 . Which synchronous interactions do we want to rule out exactly? 

2. How do we replace synchronous by asynchronous interaction? 

3. When does one net faithfully mimic the dynamic behaviour of another? 

To answer the first question we associate a location to each place and each transition in a net. A transition 
may take a token instantaneously from a preplace (when firing) iff this preplace is co-located with the 
transition; if the preplace resides on a different location than the transition, we have to assume the 
collection of the token takes time, and thus the place looses its token before the transition fires. 

We model the association of locations to the places and transitions in a net N = (S,T,F,Mq,£) as 
a function D : S U T — > Loc, with Loc a set of possible locations. We refer to such a function as 
a distribution of N. Since the identity of the locations is irrelevant for our purposes, we can just as 
well abstract from Loc and represent D by the equivalence relation =d on S U T given by x =d V iff 

D(x) = D(y). 

In this paper we do not deal with nets that have a distribution built in. We characterise the interaction 
patterns we are interested in by imposing particular restrictions on the allowed distributions. The im- 
plementor of a net can choose any distribution that satisfies the chosen requirements, and we call a net 
asynchronous for a certain interaction pattern if it has a correct asynchronous implementation based on 
any distribution satisfying the respective requirements. 

The fully asynchronous interaction pattern is obtained by requiring that all places and all transitions 
reside on different locations. This makes it necessary to implement the removal of every token in a time- 
consuming way. However, this leads to a rather small class of asynchronous nets, that falls short for many 
applications. We therefore propose two ways to loosen this requirement, thereby building a hierarchy of 
classes of asynchronous nets. Both require that all places reside on different locations, but a transition 
may be co-located with one of its preplaces. The symmetrically asynchronous interaction pattern allows 
this only for transitions with a single preplace, whereas in the asymmetrically asynchronous interaction 
pattern any transition may be co-located with one of its preplaces. Since two preplaces can never be 
co-located, this breaks the symmetry between the preplaces of a transition; an implementor of a net has 
to choose at most one preplace for every transition, and co-locate the transition with it. The removal of 
tokens from all other preplaces needs to be implemented in a time-consuming way. Note that all three 
interaction patterns break the synchronisation of the token removal between the various preplaces. 

Definition 5 Let D be a distribution on a net N = (S, T, F, M ,£), 

and let =d be the induced equivalence relation on S U T. We say that D is 

— fully distributed, D G =£?fd, when x =rj y for x, y G S U T only if x = y, 

— symmetrically distributed, D G JSsd, when 

P=dQ for p,q£S only if p = q, 
t= D p fort G T, peS only if *t = {p} and 
t =d u for t,u G T only if t = u or 3p G S. t =£> p 

— asymmetrically distributed, D G J2 ad, when 

p =d q for p, q G S only if p = q, 
t =d P for t G T, p G S only if p G 't and 
t =D u for t, u G T only if t = u or 3p G S. t =d p 



= D U, 



=D U. 
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Figure 1: Possible results for Id(N) given different requirements 



The second question raised above was: How do we replace synchronous by asynchronous interaction? 
In this section we assume that if an arc goes from a place s to a transition t at a different location, a token 
takes time to move from s to t. Formally, we describe this by inserting silent (unobservable) transitions 
between transitions and their remote preplaces. This leads to the following notion of an asynchronous 
implementation of a net with respect to a chosen distribution. 

Definition 6 Let N = (S, T, F, Mq,£) be a net, and let =jj be an equivalence relation on S U T. 

The D-based asynchronous implementation of N is Ij)(N) := (S U S T ,T U T T ,F', Mq,£') with 



S T := {s t \teT, s£ % s^ D t}, 

T T := {t s | t E T, s £ % s^ D t}, 

F' := {(t,s) \t ET, s Ef}U{(s,t) 
U {(s,i s ), (i s ,s t ), (s t ,t) 

£' f T =1 and f (t s ) = r for 



t E T, s E s = D t} 
teT, s€% s^ D t} , 
t s E T\ 



Proposition 1 For any (contact-free) net N, and any choice of =d, the net Id(N) is contact-free, and 
satisfies the other requirements imposed on nets, listed in Section 12 



Proof In Appendix |A) 



□ 



The above protocol for replacing synchronous by asynchronous interaction appears to be one of the 
simplest ones imaginable. More intricate protocols, involving many asynchronous messages between 
a transition and its preplaces, could be contemplated, but we will not study them here. Our protocol 
involves just one such message, namely from the preplace to its posttransition. It is illustrated in FigureQ] 

The last question above was: When does one net faithfully mimic the dynamic behaviour of another? 
This asks for a semantic equivalence on Petri nets, telling when two nets display the same behaviour. 
Many such equivalences have been studied in the literature. We believe that most of our results are inde- 
pendent of the precise choice of a semantic equivalence, as long as it preserves causality and branching 
time to some degree, and abstracts from silent transitions. Therefore we choose one such equivalence, 
based on its technical convenience in establishing our results, and postpone questions on the effect of 
varying this equivalence for further research. Our choice is step readiness equivalence, as defined in 
Section [2] Using this equivalence, we define a notion of behavioural asynchrony by asking whether the 
asynchronous implementation of a net preserves its behaviour. This notion is parametrised by the chosen 
interaction pattern, characterised as a requirement on the allowed distributions. 

Definition 7 Let J2 be a requirement on distributions of nets. 

A plain net N is behaviourally JB -asynchronous iff there exists a distribution D of N meeting the 
requirement £2 such that Irj (N) N. 
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Intuitively, the only behavioural difference between a net N and its asynchronous implementation Id(N) 
can occur when in N a place s G 'u is marked, whereas in Id(N) this token is already on its way from 
s to its posttransition u. In that case, it may occur that a transition t 7^ u with s G *t is enabled in iV, 
whereas i is not enabled in the described state of Ijj(N). We call the situation in N leading to this state 
of Io(iV) a distributed conflict; it is in fact the only circumstance in which Id{N) fails to faithfully 
mimic the dynamic behaviour of N. 

Definition 8 Let N = (S, T, F, M , f) be a net and D a distribution of N. 

N has a distributed conflict with respect to D iff 

3t,u GT 3pe *t nV t ^ u Ap^o u A3M G [M }at. 'KM. 

We wish to call a net A" (semi)structurally asynchronous iff the situation outlined above never occurs, 
so that the asynchronous implementation does not change the behaviour of the net. As for behavioural 
asynchrony, this notion of asynchrony is parametrised by the set of allowed distributions. 

Definition 9 Let Jbea requirement on distributions of nets. 

A net N is (semi)structurally J2 -asynchronous iff there exists a distribution D of N meeting the 
requirement such that A" has no distributed conflicts with respect to D. 

The following theorem shows that distributed conflicts describe exactly the critical situations: For all 
plain nets the notions of structural and behavioural asynchrony coincide, regardless of the choice if J2. 

Theorem 1 Let A^ be a plain net, and a requirement on distributions of nets. 
Then A" is behaviourally ^-asynchronous iff it is structurally ^-asynchronous. 

Proof In Appendix |A] □ 

Because of this theorem, we call a plain net ^-asynchronous if it is behaviourally and/or structurally 
^-asynchronous. In this paper we study this concept for plain nets only. When taking J2 = J2yd we 
speak of fully asynchronous nets, when taking £2 = J^sd of symmetrically asynchronous nets, and when 
taking £2 = i?AD of asymmetrically asynchronous nets. 

Example 1 The net A^ of Figure Q] is not fully asynchronous, for its unique D-based asynchronous 
implementation Id{N) with D G J?fd (also displayed in Figure [T]) is not step readiness equivalent to 
N. In fact (e, 0) G ffl{Ir)(N)) \ M{N). This inequivalence arises because in Id(N) the option to do an 
a-action can be disabled already before any visible action takes place; this is not possible in N. 

The only way to avoid a distributed conflict in this net is by taking t =d V =D u. This is not allowed 
for any D G J^fd or D G =Ssd> but it is allowed for D G =Sad (cf. the last net in Figured)). Hence A^ is 
asymmetrically asynchronous, but not symmetrically asynchronous. 

Since J^fd Q =Ssd Q &ad, any fully asynchronous net is symmetrically asynchronous, and any symmet- 
rically asynchronous net is also asymmetrically asynchronous. Below we give semi-structural character- 
isations of these three classes of nets. The first two stem from [6 ], where the class of fully asynchronous 
nets is called FA{B) and the class of symmetrically asynchronous nets is called SA(B). The class AA(B) 
in is somewhat larger than our class of asymmetrically asynchronous nets, for it is based on a slightly 
more involved protocol for replacing synchronous by asynchronous interaction. 
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Definition 10 A plain net N = (S, T, F, M ,£) has a 

— partially reachable conflict iff 

3t,u G T 3pe *t n'u. t / u A 3M G [M ) N . *t C M , 

— partially reachable N iff 

3t,u G T Bp G 't n 'u. t ^ u A |'it| > 1 A 3M G [M ) N . *t C M , 

— left and right border reachable M iff 

r-n^ > .-, > > t^uAuj^vAp^qA 
3t,u,v G T 3p G t Pi u 3q G uD v. -Z, r ,,, „ . ^ 

' ' 1 H 3Mi, M 2 G [M Q ) n . , KMiA'dCM 2 . 



Theorem 2 Let be a plain net. 

— N is fully asynchronous iff it has no partially reachable conflict. 

— iV is symmetrically asynchronous iff it has no partially reachable N. 

— N is asymmetrically asynchronous iff it has no left and right border reachable M. 

Proof Straightforward with Theorem [T] □ 

In the theory of Petri nets, there have been extensive studies on classes of nets with certain structural 
properties like free choice nets El [2!] and simple nets [3'], as well as extensions of theses classes. They 
are closely related to the net classes defined here, but they are defined without taking reachability into 
account. For a comprehensive overview and discussion of the relations between those purely structurally 
defined net classes and our net classes see O. Restricted to plain nets without dead transitions (mean- 
ing that every transition t satisfies the requirement 3M G [Mo). *t C M), Theorem |2] says that a net 
is fully synchronous iff it is conflict-free in the structural sense (no shared preplaces), symmetrically 
asynchronous iff it is a free choice net and asymmetrically asynchronous iff it is simple. 

Our asynchronous net classes are defined for plain nets only. There are two approaches to lifting them 
to labelled nets. One is to postulate that whether a net is asynchronous or not has nothing to do with 
its labelling function, so that after replacing this labelling by the identity function one can apply the 
insights above. This way our structural characterisations (Theorems Q] and |2]) apply to labelled nets as 
well. Another approach would be to apply the notion of behavioural asynchrony of Definition |7] directly 
to labelled nets. This way more nets will be asynchronous, because in some cases a net happens to 
be equivalent to its asynchronous implementation in spite of a failure of structural asynchrony. This 
happens for instance if all transitions in the original net are labelled r. Unlike the situation for plain nets, 
the resulting notion of behavioural asynchrony will most likely be strongly dependent on the choice of 
the semantic equivalence relation between nets. 



4 Distributed Systems 



The approach of Section [3] makes a difference between a net regarded as a specification, and an asyn- 
chronous implementation of the same net. The latter could be thought of as a way to execute the net 
when a given distribution makes the synchronisations that are inherent in the specification impossible. 
In this and the following section, on the other hand, we drop the difference between a net and its asyn- 
chronous implementation. Instead of adapting our intuition about the firing rule when implementing a 
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net in a distributed way, we insist that all synchronisations specified in the original net remain present 
as synchronisations in a distributed implementation. Yet, at the same time we stick to the point of view 
that it is simply not possible for a transition to synchronise its firing with the removal of tokens from 
preplaces at remote locations. Thus we only allow distributions in which each transition is co-located 
with all of its preplaces. We call such distributions effectual. For effectual distributions D, the imple- 
mentation transformation Id is the identity. As a consequence, if effectuality is part of a requirement 
£2 imposed on distributions, the question whether a net is ^-asynchronous is no longer dependent on 
whether an asynchronous implementation mimics the behaviour of the given net, but rather on whether 
the net allows a distribution satisfying £} at all. 

The requirement of effectuality does not combine well will the requirements on distributions proposed 
in Definition [5] For if JS is the class of distributions that are effectual and asymmetrically distributed, 
then only nets without transitions with multiple preplaces would be ^-asynchronous. This rules out 
most useful applications of Petri nets. The requirement of effectuality by itself, on the other hand, would 
make every net asynchronous, because we could assign the same location to all places and transitions. 

We impose one more fundamental restriction on distributions, namely that when two visible transitions 
can occur in one step, they cannot be co-located. This is based on the assumption that at a given location 
visible actions can only occur sequentially, whereas we want to preserve as much concurrency as pos- 
sible (in order not to loose performance). Recall that in Petri nets simultaneity of transitions cannot be 
enforced: if two transitions can fire in one step, they can also fire in any order. The standard interpre- 
tation of nets postulates that in such a case those transitions are causally independent, and this idea fits 
well with the idea that they reside at different locations. 

Definition 11 Let N = (S, T, F, M , 1) be a net. 

The concurrency relation ^ C T 2 is given by t-^u^t^uA 3M G [Mo). M[{t, u}}. 

N is distributed iff it has a distribution D such that 

- Vs G S, t G T. s G *t =>- t = D s, 

- t u A l(t), l(u) / r t ^ D u. 

It is straightforward to give a semi-structural characterisation of this class of nets: 

Observation 1 A net is distributed iff there is no sequence to,...,t n of transitions with to ^ t n and 
•ti-iH'ti /0fori = l,...,n. 

A structure as in the above characterisation of distributed nets can be considered as a prolonged M 
containing two independent transitions that can be simultaneously enabled. 

It is not hard to find a plain net that is fully asynchronous, yet not distributed. However, restricted to 
plain nets without dead transitions, the class of asymmetrically asynchronous nets is a strict subclass of 
the class of distributed nets. Namely, if a net is M-free (where an M is as in Definition [TOl but without 
the reachability condition on the bottom line), then it surely has no sequence as described above. 

5 Distributable Systems 

In this section, we will investigate the borderline for distributability of systems. It is a well known 
fact that sometimes a global protocol is necessary when concurrent activities in a system interfere. In 
particular, this may be necessary for deciding choices in a coherent way. Consider for example the 
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Figure 2: A fully marked M. 

simple net in Figure [2 It contains an M-structure, which was already exhibited as a problematic one in 
Section [3] Transitions t and v are supposed to be concurrently executable (if we do not want to restrict 
performance of the system), and hence reside on different locations. Thus at least one of them, say t, 
cannot be co-located with transition u. However, both transitions are in conflict with u. 

As we use nets as models of reactive systems, we allow the environment of a net to influence decisions 
at runtime by blocking one of the possibilities. Equivalently we can say it is the environment that fires 
transitions, and this can only happen for transitions that are currently enabled in the net. If the net decides 
between t and u before the actual execution of the chosen transition, the environment might change its 
mind in between, leading to a state of deadlock. Therefore we work in a branching time semantics, in 
which the option to perform t stays open until either t or u occurs. Hence the decision to fire u can 
only be taken at the location of u, namely by firing u, and similarly for t. Assuming that it takes time to 
propagate any message from one location to another, in no distributed implementation of this net can t 
and u be simultaneously enabled, because in that case we cannot exclude that both of them happen. Thus, 
the only possible implementation of the choice between t and u is to alternate the right to fire between 
t and u, by sending messages between them (cf. Figure [3]). But if the environment only sporadically 
tries to fire t or u it may repeatedly miss the opportunity to do so, leading to an infinite loop of control 
messages sent back and forth, without either transition ever firing. 

In this section we will formalise this reasoning, and show that under a few mild assumptions this type 
of structures cannot be implemented in a distributed manner at all, i.e. even when we allow the imple- 
mentation to be completely unrelated to the specification, except for its behaviour. For this, we apply the 
notion of a distributed net, as introduced in the previous section. Furthermore, we need an equivalence 
notion in order to specify in which way an implementation as a distributed net is required to preserve the 
behaviour of the original net. As in Section 3, we choose step readiness equivalence. We call a plain net 
distributable if it is step readiness equivalent to a distributed net. We speak of a truly synchronous net if 
it is not distributable, thus if it may not be transformed into any distributed net with the same behaviour 
up to step readiness equivalence, that is if no such net exists. We study the concept "distributable" for 
plain nets only, but in order to get the largest class possible we allow non-plain implementations, where 
a given transition may be split into multiple transitions carrying the same label. 

Definition 12 A plain net N is truly synchronous iff there exists no distributed net N' which is step 
readiness equivalent to N. 

We will show that nets like the one of Figure |2]are truly synchronous. 

Step readiness equivalence is one of the simplest and least discriminating equivalences imaginable that 
preserves branching time, causality and divergence to some small extend. Our impossibility result, for- 
malised below as Theorem depends crucially on all three properties, and thus needs to be reconsidered 
when giving up on any of them. When working in linear time semantics, every net is equivalent to an 
infinite net that starts with a choice between several T-transitions, each followed by a conflict-free net 
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Figure 3: A busy-wait implementation of the net in Figure |2] 



modelling a single run. This net is N-free, and hence distributed. It can be argued that infinite implemen- 
tations are not acceptable, but when searching for the theoretical limits to distributed implementability 
we don't want to rule them out dogmatically. When working in interleaving semantics, any net can be 
converted into an equivalent distributed net by removing all concurrency between transitions. This can 
be accomplished by adding a new, initially marked place, with an arc to and from every transition in the 
net. When fully abstracting from divergence, even when respecting causality and branching time, the net 
of Figure [2] is equivalent to the distributed net of Figure [3l and in fact it is not hard to see that this type 
of implementation is possibly for any given net. Yet, the implementation is suspect, as the implemented 
decision of a choice may fail to terminate. The clause M » in Definition |4] is strong enough to rule 
out this type of implementation, even though our step readiness semantics abstracts from other forms of 
divergence. 

We now characterise the class of nets which we will prove to be truly synchronous. 

Definition 13 Let N = (S, T, F, M ,£) be a net. 

N has a fully reachable visible pure M iff 3t, u, v G T. *t n 'u / A 'u n *v ± A *t Pi *v = A 
£{t),£(u),£(v) /rABMe [M ).*tU'uU*v CM. 

Here a pure M is an M as in Definition [lOl that moreover satisfies *t P\'v = 0, and hence p g" *v, q G" °t 
and t ^ v . These requirements follow from the conditions above. 

Proposition 2 A net with a fully reachable visible pure M is not distributed. 

Proof Let N = (S,T, F, Mq,£) be a net that has a fully reachable visible pure M, so there exist 
t , u, v G T and p, q G 5 such that p G 'tn'uAq G 'utl'vA'tn'v = and 3M G [Mo). 'tU'uU'v C M. 
Then t ^ v. Suppose N is distributed by the distribution D. Then t =d P =d u =d q =D v but t ^ v 
implies t v. j_ □ 

Now we show that fully reachable visible pure M's that are present in a plain net are preserved under step 
readiness equivalence. 

Lemma 1 Let N = (S, T, F, M ,£) be a plain net. 

If N has a fully reachable visible pure M, there exists <a, X> G M{N) such that 3a, b, c G Act. 
a ^ c A {b} e X A {a, c} £ X A {a,b} ^ X A {b, c} <£ X. (It is implied that a ^ b ^ c.) 

Proof N has a fully reachable visible pure M, so there are t,u,v<ET and Mg [Mo) such that 'tn'u ^ 
A'uD'v ^ 0A*tn*u = 0A£(t),£(u),£(v) + tA'WuU'v C M. Letcx G Act* such that M M. 
Since N is a plain net, M and £(t) ^ £(u) / £(v) ^ £(t). Hence there exists anlC IN Act such 

that <a, X> £^(N) A {£(u)} £ X A {£(t),£(v)} G X A {£{t),£(u)} $ X A {£{u),£{v)} <£ X. □ 



van Glabbeek, Goltz and Schicke 



13 



Lemma 2 Let N = (5, T, F, M ,£) be a net. 

If there exists <a,X> G &{N) such that 3a, b, c G Act. a / cA{6} G lA{o,c} G XA{a,b} X 
A {6, c} ^ X, then iV has a fully reachable visible pure M. 

Proof Let M C Sbe the marking which gave rise to the step ready pair <a, X>, i.e. Mo ==>■ M and 
M A M x -— i A M W A M W. 

there must exist three transitions t,u,v £ T with = a A ^(u) = 6 A = c and 
M [{«}) A M [{t, u}} A -i(M [{t, u}}) A -.(M[{«, «})). From M[{u}} AM[{t, v}) follows 'tU'uU'v C 
M. From M[{t, v}) follows *i n *v = 0. From ->(M[{t, u})) then follows *i n *tt ^ and analogously 
for u and u . Hence N has a fully reachable visible pure M. □ 

Note that the lemmas above give a behavioural property that for plain nets is equivalent to having a fully 
reachable visible pure M. 

Theorem 3 A plain net with a fully reachable visible pure M is truly synchronous. 

Proof Let A'" be a plain net which has a fully reachable visible pure M. Let N' be a net which is step 
readiness equivalent to N. By Lemma[T]and Lemma|2j also N' has a fully reachable visible pure M. By 
Proposition [U N' is not distributed. Thus N is truly synchronous. □ 

Theorem [3] gives an upper bound of the class of distributable nets. We conjecture that this upper bound 
is tight, and a plain net is distributable iff it has no fully reachable visible pure M. 

Conjecture 1 A plain net is truly synchronous iff it has a fully reachable visible pure M. 

In the following, we give a lower bound of distributability by providing a protocol to implement certain 
kinds of plain nets distributedly. These implementations do not add additional labelled transitions, but 
only provide the existing ones with a communication protocol in the form of r-transitions. Hence these 
implementations pertain to a notion of distributability in which we restrict implementations to be plain 
T-nets. Note that this does not apply to the impossibility result above. 

Definition 14 A plain net is plain-distributable iff there exists a distributed plain r-net N which is 
step readiness equivalent to N. 



Definition 15 Let N = (S, T, F, M , 1) be a net. 
We define the enabled conflict relation # C T 2 as 

t#u^]Me [M ). M[{t}} A M[{u}) A -.(Af[{t,u»). 



We now propose the following protocol for implementing nets. An example depicting it can be found in 
Figure|5] As locations we take the places in a given net, and the equivalence classes of transitions that are 
related by the reflexive and transitive closure of the enabled conflict relation. We locate every transition t 
in its equivalence class, whereas every place gets a private location. Every place s will have an embassy 
s [*] in every location [t] where one of its posttransitions t G s* resides. As soon as s receives a token, it 
will distribute this information to its posttransitions by placing a token in each of these embassies. The 
arc from s to t is now replaced by an arc from sW to t, so if t could fire in the original net it can also fire 
in the implementation. So far the construction allows two transitions in different locations that shared 
the precondition s to fire concurrently, although they were in conflict in the original net. However, if this 
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situation actually occurs, these transitions would have been in an enabled conflict, and thus assigned to 
the same location. The rest of the construction is a matter of garbage collection. If a transition t fires, for 
each of its preplaces s, all tokens that are still present in the various embassies of s in locations [u] need 
to be removed from there. This is done by a special internal transition t$ . Once all these transitions (for 
the various choices of s and [u]) have fired, an internal transition t' occurs, which puts tokens in all the 
postplaces of t. 

Definition 16 Let JV = (S, T, F, M , 1) be a net. 

Let [t] := {u G T \ t u}. The transition-controlled-choice implementation of JV is defined to be 

the net JV' := (S U S T ,T U T T , F', M , 1') with 

S T ■= { S M | a e S, t G a'} U {© | t G T} U 

{4 U U{" ] | sG5, t,«€a*,M / [t]} 
T T := {{s\ | a G 5} U {t' | t G T} U 

{tM |sG5, t,uG S *,M # [*]} 
F':={( S ,@) | S G5}U 

{(®, S W),( S M,t)| S G5,iG S '}U 
{(*,©),(©,*') |tGT}U 
{(t',s) | t G T,s G t'} U 

{(^^^(^U^^CtUl" 1 ),^*'),^ 1 ,^) I SGS-, t,u€*', M / [t]} 
£' \ T = I and f (T T ) = {r}. 
Theorem 4 A plain net N is plain-distributable iff #* n ^ = 0. 

Proof "=^>": When implementing a plain net iV by a plain r-net JV' that is step readiness equivalent 
to N, the # and ^ relations between the transitions of iV also exists between the corresponding visible 
transitions of N'. This is easiest to see when writing ajv, resp. ajvs to denote a transition in iV, resp. N', 
with label a, which must be unique since N is a plain net, resp. N' a plain r-net. Namely if oat # ^tv, 
then JV has a step ready pair <a, X> with {a}, {b} G X but {a, b} g" X. This must also be a step ready 
pair of JV', and hence ajv # &at'- Likewise, a at - 6jv implies ^ frjv 7 - 

Thus if #* fl ^ ^ holds in JV, then the same is the case for JV', and hence JV' is not distributed by 
Observation Q] 

"•£=": If #* fl ^ = 0, JV can be implemented as specified in Definition [16] In fact, the transition- 
controlled-choice implementation of any net JV yields a net that is step readiness equivalent to JV. See 
Appendix |B] for a formal proof of this claim. By construction, if JV is plain, its transition-controlled- 
choice implementation is a plain r-net. Moreover, if fl ^ = it never happens that concurrent 
visible transitions are co-located, and hence the implementation will be distributed. □ 
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Figure 5 : A distributed implementation for the net in Figure [4] partitioning into localities shown by 
dashed lines 

Our definition of distributed nets only enforces concurrent actions to be on different locations if they 
are visible, and our implementation in Definition [16] produces nets which actually contain concurrent 
unobservable activity at the same location. If this is undesired it can easily be amended by adding a 
single marked place to every location and connecting that place to every transition on that location by a 
self-loop. While this approach will introduce new causality relations, step readiness equivalence will not 
detect this. 



6 Conclusion 

In this paper, we have characterised different grades of asynchrony in Petri nets in terms of structural 
and behavioural properties of nets. Moreover, we have given both an upper and a lower bound of dis- 
tributability of behaviours. In particular we have shown that some branching-time behaviours cannot be 
exhibited by a distributed system. 

We did not consider connections from transitions to their postplaces as relevant to determine asynchrony 
and distributability. This is because we only discussed contact-free nets where no synchronisation by 
postplaces is necessary. In the spirit of Definition [6] we could insert r-transitions on any or all arcs from 
uansitions to their postplaces, and the resulting net would always be equivalent to the original. 

We have already given a short overview on related work in the introduction of this paper. Most closely 
related to our approach are several lines of work using Petri nets as a model of reactive systems. 
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Figure 6: A specification and its Hopkins-implementation which added concurrency. 

As mentioned in Section[3l classes of nets with certain structural properties like, free choice nets EH3 and 
simple nets 0, as well as extensions of theses classes, have been extensively studied in Petri net theory, 
and are closely related to the classes of nets defined here. In O, Eike Best and Mike Shields introduce 
various transformations between free choice nets, simple nets and extended variants thereof. They use 
"essential equivalence" to compare the behaviour of different nets, which they only give informally. 
This equivalence is insensitive to divergence, which is relied upon in their transformations. It also does 
not preserve concurrency, which makes it possible to implement behavioural free choice nets, that may 
feature a fully reachable visible M, as free choice nets. They continue to show conditions under which 
liveness can be guaranteed for many of these classes. 

In HI, Wil van der Aalst, Ekkart Kindler and Jorg Desel introduce two extensions to extended simple 
nets, by excluding self-loops from the requirements imposed on extended simple nets. This however 
assumes a kind of "atomicity" of self-loops, which we did not allow in this paper. In particular we do not 
implicitly assume that a transition will not change the state of a place it is connected to by a self-loop, 
since in case of deadlock, the temporary removal of a token from such a place might not be temporary 
indeed. 

In 02], Wolfgang Reisig introduces a class of systems which communicate using buffers and where the 
relative speeds of different components are guaranteed to be irrelevant. The resulting nets are simple 
nets. He then proceeds introducing a decision procedure for the problem whether a marking exists which 
makes the complete system live. 

Dirk Taubner has in |[T8l given various protocols by which to implement arbitrary Petri nets in the OC- 
CAM programming language. Although this programming language offers synchronous communication 
he makes no substantial use of that feature in the protocols, thereby effectively providing an asynchronous 
implementation of Petri nets. He does not indicate a specific equivalence relation, but is effectively using 
linear-time equivalences to compare implementations to the specification. 

The work most similar to our approach we have found is the one by Hopkins, 0. There he already 
classified nets by whether they are implementable by a net distributed among different locations. He 
uses an interleaving equivalence to compare an implementation to the original net, and while allowing 
a range of implementations, he does require them to inherit some of the structure of the original net. 
The net classes he describes in his paper are larger than those of Section [3] because he allows more 
general interaction patterns, but they are incomparable with those of Section [5] One direction of this 
inequality depends on his choice of interleaving semantics, which allows the implementation in Figure [6] 
The step readiness equivalence we use does not tolerate the added concurrency and the depicted net is 
not distributable in our sense. The other direction of the inequality stems from the fact that we allow 
implementations which do not share structure with the specification but only emulate its behaviour. That 
way, the net in Figure [7]can be implemented in our approach as depicted. 

Still many open questions remain. While our impossibility result holds even when allowing labelled nets 
as implementations, our characterisation in Theorem [4] only considers unlabelled ones. This begs the 
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Figure 7: A distributable net which is not considered distributable in J9J, and its implementation. 

question which class of nets can be implemented using labelled nets. We conjecture that a distributed 
implementation exists for every net which has no fully reachable visible pure M. We also conjecture that 
if we allow linear time correct implementations, all nets become distributable, even when only allowing 
finite implementations of finite nets. We are currently working on both problems. 

Just as a distributable net is defined as a net that is behaviourally equivalent to, or implementable by, a 
distributed net, one could define an asynchronously implementable net as one that is implementable by 
an asynchronous net. This concept is again parametrised by the choice of an interaction pattern. It would 
be an interesting quest to characterise the various classes of asynchronously implementable plain nets. 

Also, extending our work to nets that are not required to be 1-safe will probably generate interesting 
results, as conflict resolution protocols must keep track of which token they are currently resolving the 
conflict of. 

In regard to practical applicability of our results, it would be very interesting to relate our Petri net based 
terminology to hardware descriptions in chip design. Especially in modern multi-core architectures 
performance reasons often prohibit using global clocks while a facade of synchrony must still be upheld 
in the abstract view of the system. 

On a higher level of applications, we expect our results to be useful for language design. To start off, we 
would like to make a thorough comparison of our results to those on communication patterns in process 
algebras, versions of the 7r-calculus and I/O-automata lTT2l . Using a Petri net semantics of a suitable 
system description language, we could compare our net classes to the class of nets expressible in the 
language, especially when restricting the allowed communication patterns in the various ways considered 
in ID or in lfl2l . Furthermore, we are interested in applying our results to graphical formalisms for system 
design like UML sequence diagrams or activity diagrams, also by applying their Petri net semantics. Our 
results become relevant when such formalisms are used for the design of distributed systems. Certain 
choice constructs become problematic then, as they rely on a global mechanism for consistent choice 
resolution; this could be made explicit in our framework. 
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A The Asynchronous Implementation 

Given a net N and a distribution D on N, this appendix explores the properties of the D-based asyn- 
chronous implementation Id(N) of N, focussing on the relationship between Id(N) and N, and cul- 
minating in the proofs of Proposition Q] and Theorem Q] of Section [3] 

For better readability we will use the abbreviations °x := {y | (y, x) G F'} and x° := {y \ (x, y) G F'} 
instead of 'x or x* when making assertions about the flow relation of an implementation. 

The following lemma shows how the D-based asynchronous implementation of a net N simulates the 
behaviour of N. 

Lemma 3 Let N = (S, T, F, M ,£) be a net, A C Act, a G Act* and M 1 ,M 2 C S. 

1. If Mi -±* N M 2 then M 1 ^*i d{ n)^i d (n) Af 2 . 

2. If Mi M 2 then Mi ^i d{N ) M 2 . 

Proof Assume Mi [G) at M 2 . Then, by construction of Id(N), 

Mi [{t a 1 1 g G, s e 't, s ^ D t}) Io{N) [{t\te G}) Id(n) M 2 . 

The first part of that execution can be split into a sequence of singleton transitions, all labelled r. 

The second statement follows by a straightforward induction on the length of a. □ 

This lemma uses the fact that any marking of N is also a marking on Ijj(N). The reverse does not 
hold, so in order to describe the degree to which the behaviour of Id(N) is simulated by N we need to 
explicitly relate markings of Id (N) to those of N. This is in fact not so hard, as any reachable marking of 
Id (N) can be obtained from a reachable marking of N by moving some tokens into the newly introduced 
buffering places st- To establish this formally, we define a function which transforms implementation 
markings into the related original markings, by shifting these tokens back. 

Definition 17 Let N = (S, T, F, M ,l) be a net and let I D (N) = (S U S T , T U T T , F', M , £'). 
: S U S T — > S is the function defined by 

, . . f s iff p = s t with s t G S T , s G S, t G T 
t (p) := < 

I p otherwise (p G S) 



Where necessary we extend functions to sets elementwise. So for any M C S U S T we have t*~(M) = 
{t^(s) I s G M} = (M nS)U{s|s ( e M}. In particular, t*~(M) = M when M C S. 

We now introduce a predicate a on the markings of Id {N) that holds for a marking iff it can be obtained 
from a reachable marking of N (which is also a marking of Id{N)) by firing some unobservable tran- 
sitions. Each of these unobservable transitions moves a token from a place s into a buffering place sp 
Later, we will show that a exactly characterises the reachable markings of Id(N). Furthermore, as every 
token can be moved only once, we can also give an upper bound on how many such movements can still 
take place. 
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Definition 18 Let N = (5, T, F, M ,£) be a net and I D (N) = (S U S T , T U T T , F', M , £'). 
The predicate a C J 5 (5 U S T ) is given by 

a(M) T^(M)e[M ) N /\\/p,qeM.T^(p)=T*-(q)^p = q. 

The function d : y(SuS T ) -> 1NU {00} is given by d(M) := |M n {s \ s G S, 3i G s\ s £}|, 
where we choose not to distinguish between different degrees of infinity. 

Note that a(M) implies |M| = \t*~(M)\, and reachable markings of N are always finite (thanks to our 
definition of a net). Hence a(M) implies d{M) G IN. The following lemma confirms that our informal 
description of a matches its formal definition. 

Lemma 4 Let N and Jd(JV) be as above and M C S U S* T , with M finite. 
Then Vp, g G M. r^(p) = T ^(q)^p = q iff r^(M) ^ d(J v) M. 

Proof Given that t*~(M) C 5, "if" follows directly from the construction of Irj(N). 

For "only if", assume Vp, <? G M. r^(p) = T*~(q) p = q. Then t*~(M) [{t s \ s t G M}) /z , (Ar ) M. □ 

Now we can describe how any net simulates the behaviour of its fully asynchronous implementation. 

Lemma 5 Let N and I D (N) be as above, A C Act, cr G Act* and M, M' C S U 5 T . 

1. a(M ). 

2. Ifa(M) A M -^ Id{n) M' then r*~(M) t*~{M') A a(M'). 

3. If a(M) A M -^(jv) M' then d(M) > d(M') A t*~(M) = r^(M') A a(M'). 

4. If M ^r D (7v) then M ^ N r^(M') A a(M'). 

Proof 'CD': M G [M ) N and Vs G M C S. t^(s) = s. 

'12': Suppose a(M) and M [G) Id ( N) M' with G C T. So t*~(M) is a reachable marking of N. 
Note that for any t G T we have that r^(°t) = *i. Moreover, a(M) implies that 

i,ycMMny = l => r^(x) n^(y) = (i) 

and hence 

YQM => t^(M\Y) = t*~(M)\t*~(Y) . (2) 

Let t G G. Since t is enabled in M, we have °t C M and hence 'f = r^(°t) C t*~(M). Given that A r 
is contact-free and t*~(M) G [Mo) at, it follows that t is enabled in r <- (M). 

Now let t,u&G with i ^ u. Then °i U °« C M and °t n °u = 0, so 'tn*u = T*~(°t) n r^(°u) = 0, 
using £[]). Given that *i U *u C r <- (M) and N is contact-free, it follows that also t* D = and hence 
t and it are independent. 

Since M' = (M\°G)UG° we have r^(M') = (t*"(M) \r^(°G)) Ur^(G°) = (r^(M) UC 
and hence r*^(M) [G)jv t*~{M'). 

Next we establish a(M'). To this end, we may assume that G is a singleton set, for G must be finite — this 
follows since all (independent) transitions in G are enabled from the reachable marking t*~{M) of N, 
and N satisfies the frniteness restrictions imposed on nets in Section[2] — and when M[{to, h , . . . , t n })M' 
for some n > then there are Ml, M 2 , . . . , M n with M [{t }) M x [{ti}) M 2 ■ ■ ■ M n [{t n }) M', allowing 
us to obtain the general case by induction. So let G = {t} with t G T. 
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Above we have shown that t*~(M') G [Mo) at. We still need to prove that T*~(p) = T^(q) p = q 
for all p,q £ M'. Assume the contrary, i.e. there are p, q G M' with T*~(p) = T*~{q) but p ^ q. Since 
a(M), at least one of p and q — say p — must not be present in M. Thus p G t° = t* C S. As r*~(g) = 
r< ~(p) = P an d 9 7^ Pi it must be that q G 5 ,r . Hence q <£t°, so q £ M, and p = r <_ (g) € t*~(M). As 
shown above, t is enabled in r <- (M). By the contact-freeness of N, (r*~(M) \ "t) Hi* = 0, so p G *i. 
Using that p G" M, we find that p °f C M, so p ^ D t and p 4 G °t C M. As by construction °t n t° = 0, 
we have p t $ M', so q ^ pt. Yet T*~(q) = p = r*~(p t ), contradicting a(M). 

l f3j': Let i a G T r such that M [{t s }) Io{N) M' . Then, by construction of I D (N), °t s = {s}Ai s ° = {s t }. 
Hence M' = M\{s}U{s t } andd(M') = d(M)-lAr^(M') = r^(M). Moreover, a(M') 4^ a(M). 

'IU': Using[l]-[3l this follows by a straightforward induction on the number of transitions in the derivation 

M ^i D (N) M'. □ 

It follows that a exactly characterises the reachable markings of Id(N): 

Lemma 6 Let N and I D (N) be as before and M C S U S T . 
Then M G [M ) Id{n) iff a(M). 

Proof "Only if" follows from Lemma I5l4l and "if" follows by Lemmas [3] and H □ 

Using this we now prove Proposition Q] from Section [3j 

Proposition 1 For any (contact-free) net N = (S, T, F, Mq,£), and any choice of =d, the net Id(N) is 
contact-free, and satisfies the other requirements imposed on nets, listed in Section [2 

Proof Let M G [M ) Id{n) . Then a(M), and hence t*~{M) G [M ) n- 

Consider any t G T with °t C M. Assume (M \ °t) n i° / 0. Since t° = i* C 5 let p G 5 be such that 
p G M n i° and p £ °i. As TV is contact-free we have (t^(M) \ *t) D t* = 0, so since p G r*~(M) n i* 
it must be that p G *t. Hence p t G °i C M and we have p ^ pt yet r^(p) =p = r^(p t ), violating a(M). 

Now consider any t p G T r with °t p C M. As % = {p} and t p ° = {p 4 } we have that (M\°t p ) Dt p ° ^ 
only if p G M A pt G M. However, r*~(p) = p = r*~(p t ) which would violate a(M). 

This established the contact-freeness of Id(N). By construction, Mq is finite, °t ^ and °i and t° are 
finite for all i G T U T T , and s° is finite for all s G S U S T . □ 

The following lemma is a crucial step in the proof of Theorem [TJ 

Lemma 7 Let N = (S, T, F, Mo, I) be a net without a distributed conflict w.r.t. a distribution D. 

Let Mi G [Mq)jv and Mi -^j^jv) M 2 -^i d (n) ■ ■ ■ -^i d (n) M n ~^i D (N) for some n > 1. 
Then, Mi -^at iff M n — ^ D(Ar) for all A C Act. 

Proof Suppose *i C Mi but °i ^ M n for some i G T. For p £*t write pt := pt if p t and pt = p 
otherwise. Then °i = {pt | p G Pick p G *t such that p t ^ M n . As M n -+—>i d (n) we a l so h ave 
p ^ M n . Let 1 < i < n be the last index such that p G M, or p t G Mj. Then M« [{w p })/ D (Ar) Mj + i for 
some u G T with u 7^ t, p G *n and p u. But this would constitute a distributed conflict w.r.t. D. ^ 

It follows that Mi implies M n [t)7 (Ar) for all i G T. Moreover, it follows immediately from the 
construction of Id(N) that if two transitions i, ttGT are independent in N, then they are also independent 
in Id(N). Hence Mi [G)n implies M n [G)j D ^ for all G C T. Thus Mi — >tv implies M n — > i d (n)- 

For the reverse direction, observe that a(Mi) and t*~(M\) = Mi because Mi G [Mo) at. Hence a(M n ) 
and r^(M n ) = Mi by Lemma 15131 and M n — y i D (N) implies Mi — >jy for all A by Lemma 15121 □ 



22 



On Synchronous and Asynchronous Interaction in Distributed Systems 



Theorem 1 Let N = (S, T, F, Mq,£) be a plain net, and J2 a requirement on distributions of nets. 
Then A is behaviourally ^-asynchronous iff it is structurally ^-asynchronous. 

Proof "Only if": Suppose A fails to be structurally ^-asynchronous. Let D be a distribution on iV 
meeting the requirement J2. Then A has a distributed conflict with respect to D, i.e. 

3t,u G T 3pG "t n 'u. t ^ u /\p ^ D u A 3M G [M ) N . *t Q M . 

We need to show that / D (f) 96^ A. 

Let M G [Mq) at be such that 'iCM and let cr G Act* be such that M =^>n M. Then iV has a step 
ready pair <a, X> with G X. As plain nets are deterministic, M is the only marking of A with 

the property that Mo =>at M. Hence N has exactly once step ready pair of the form <a,X>, and it 
satisfies {l\t)} G X. 

Lemma[3]yields M =>i d (n) M. Let Mi := (M\{p})U{p u }. ThenM [u p ) Id{n) M x by Definition H 
so M Mi. By Lemma|5E we have Mi -^->/ (jv) M 2 -^i d (n) • • • -^i D (N) M n ~^i D {N) for 
some n < d(M) G IN. As u C S" 1 " for all f G T T , we have p g" Mj for i = 1, 2, . . . , re. Moreover, in case 
p ^ t we have p 4 G w° only if p G °u; hence also p t Mj for i = 1, 2, . . . , n. It follows that °t <2 M n . 
Thus Id(A) has a step ready pair <cr, X> with {£(t)} g" A". We find that &(I D {N)) / &(N). 

"If": Suppose A is structurally ^-asynchronous, i.e. there is a distribution D on A meeting the require- 
ment J2, such that A has no distributed conflicts with respect to D. We show that &(Irj(N)) = &S(N). 

"2": Let <cr, X> G M{N). Then there is a marking M of A such that M ==>Ar M, M -^->at for 
all A G A and M for all A g" X. Lemma [3] yields M ^^(jv) M - B Y Lemma HE we have 

M -^IdW M i -^^(JV) m 2 ^Id(n) ■ ■ ■ ^i D (N) Mn -^i D (N) for some < n < d(M) G IN. 
Now Lemma[7]yields <a, X> G &(I D (N)). 

"C": Let <cr, X> G M(I D (N)). Then there is a marking M of I D (N) such that M =^ Id (n) Af, 
M ^/ d (at), and M ~^ Id ( N ) iff A£ X. Lemma[5]4]yields M =^> N r < ~(M) A a(M) and LemmaH 
gives t*~{M) -^/^(jv) M - Now LemmaHyields <cr, A> G M(N). □ 

B The Transition- Controlled- Choice Implementation 

In this appendix we show that the transition-controlled-choice implementation of any net A is step 
readiness equivalent to A. To this end we use the following result. 

Lemma 8 Let A = (S, T, F, M ,£) and A' = (S', T, F', AfjJ, £') be two nets, and l'{t) / r for t G T' . 
Suppose there is a function : 'P(S) — > J > (5") from the markings of A to the markings of A', 
a distance function d : f{S) — > IN U {00} and a predicate j3 C T(S) such that 



/?(M ) Ar^(M )=Mi (1) 

/3(Mi) A Mi — ^ n M2 =>■ /?(M 2 ) A r^(M 2 ) = r^(M x ) A d(Mi) > d(M 2 ) (2) 

/3(Mi) A Mi M 2 =>■ /3(M 2 ) A r^(M x ) r^(M 2 ) (3) 

/3(Mi) Ad(Mi) > => Mi ^ N (4) 



/3(Mi) A d(Mi) = A r^(Mi) -^* N , M' 2 3M 2 . M x M 2 A M' 2 = r^(M 2 ) . (5) 

Then A m a A'. 
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Proof "M(N) C &(N')": Conditions (1-5) allow any step ready pair <cr, X> of N to be mimicked 
step for step by N'. To be precise, if <cr, X> G M(N), then there is a marking Mi with Mo ==>n Mi, 
Mi — >j\f, Mi — >n for any A G X and Mi ^^at for any A $l X. As for all reachable markings Mi 
of TV, we have 0(Mi). Now (1-3) imply M' Q =^ N > t^(Mi). Furthermore, (3) implies r^(Mi) -^+ N > 
for any A £ X, (4) implies d(M\) = 0, and hence (5) implies r^(Mi) -+—>n> for any A G" X. 

"M(N') C 3%(N)": From conditions (2-5) we infer: 

/3(Mi) 3M 2 . Mi M 2 AM 2 ^A /3(M 2 ) A r^(M 2 ) = r^(Mi) (6) 

P(Mi) At^(Mi) => 3M 2 . Mi M 2 A /3(M 2 ) A = r^(M 2 ) (7) 

The first statement follows by repeated application of (2); the second by repeated application of (4) and 
(2), then (5) and (3). Conditions (1) and (7) imply that every reachable marking of N' is of the form 
t <s= (M) with M a reachable marking of N. Moreover, (1), (6) and (7) yield, for a G Act*, 

M =^ n > M' 3M. Mo ==> n M A M A /3(M) A M' = t^(M) . 

In combination with (3-5) this implies that any ready pair <a, X> of N' is also a ready pair of N. □ 

In fact, conditions (1-5) are strong enough to show that N and N' are semantically equivalence in various 
other ways as well; in particular constitutes a branching bisimulation between N and N' , as defined 
in 0. In order to apply Lemma[U we will take N to be the transition-controlled-choice implementation 
of a given net N' that features no transitions labelled r. 

Definition 19 

Let N' = (S, T, F', M ,£') be a net with £'(t) ^ r for t G T', and N = (S U S T , T U T T , F, M ,£) 
its transition-based-choice implementation. 

The function : ?{S U S T ) -» 0>(S) is defined by 

r^(M) := (M n 5) U {s | s G 5, {s [i] | i G a'} C M} U {s \ s G f A © G M} . 
The function : y(5 U S T ) -» IP(S) is defined by 

r ^(M) := (M n 5) U {s | s G 5, {s [ ' ] | t G s'} n M ^ 0} U {s | s G 't A © G M} . 
The function d : y(S U S" r ) -> IN U {oo} is defined by 



d(M) :=|Mn5|+ J^(i + |t»|)+ 1. 



The predicate /5 C 9(S U S" r ) is defined by 

P(M) r^(M) G [Mo)tv' A 



(A) 




(ft) 



0%) 
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Some conjuncts in the definition of (5{M) are universally quantified over (some of) s, t and u; we write 

- f3i s,t ' u (M) to say that marking M satisfies the instance of [3i for the specific values s, t and u, 

- (3i(M) for Vt, u G s*. Pi s,t ' u (M), 

- and ft(M) for Vs G 5. /?f (M), 

so that /3(M) iff^M) Af^M) A^M) A@M) A^M) A@M) A^M). 



Lemma 9 Let TV', iV, r^, r^, d, and /? be as in Definition [191 

Then iV is a net as defined in Section[2]and the clauses (l)-(5) of Lemma [8] hold. 

Proof Again, we use °x and x° instead of *x and x* when making assertions about the flow relation 
of A?" (the implementation). Given that °t ^ and °t and t* are finite for all t G T and s' is finite for 
all s G 5, by construction we have °t ^ $ and °i and t° are finite for all t G T U T T and s° is finite for 
all s £ S U S T . As N has the same initial marking as N', it must be finite. In order to show that N is 
contact-free, we must show that for each reachable marking M G [Mo)jv the following four properties 
are satisfied: 

(i) If s G M then S M g M for all t G s*. 

(ii) If sf ] , sM G M then £ M. 

(iii) If 8 M G M for all s E*t then © ^ M and s[ u] £ M for all s£'i and u G s* with [u] ^ [t]. 

(iv) If © G M and sj" ] G M for all sG't and u G s* with [u] / [i], then M n t* = 0. 

We proceed to show that all four properties are implied by /3(M). This entails that the contact-freeness 
of N will follow immediately from the validity of clauses (l)-(3) of Lemma [8] 

Property (i) follows immediately froml/^M) and (ii) from M). The claim © £ M of property (iii) 



follows fromp^M), and using this the claim sf 1 <£ M from^M). For (iv), assume, towards a contra- 
diction, that © G M, yet s G M n t". Then "t C r <s= (M). Now^M) and the contact-freeness of AT"' 
gives (r^(M) \ *t) n f = 0. As s G M n f C r <s= (M) n i* we obtain s G *i, contradicting |/^M). 

It remains to show the validity of clauses (l)-(5). Clause (1) follows directly from the definitions. 

Clause (2): Assume j3{M\). As remarked in Section[2l reachable markings of N' are finite, so by^jMi) 
M\ n S is finite and M\ contains only finitely many places of the form © (using Mi) and that *t ^ 
for t G T). Since for a given t, using that *i and s* are finite, there are only finitely many places s[ in N, 
it follows by [/j^Mi ) that Mi contains only finite many places of the form s[ . From this we conclude 
that d{M\) is finite. We proceed by a case distinction over all transitions labelled r. 

Assume Mi [\s\)n M 2 . Then M 2 = (Mi \ {s}) U {s [ ' ] | t G s*} and r <s= (M 2 ) = r^(Mi) as well as 
r^(M 2 ) = r <= (Mi). Moreover, d(M 2 ) = d(Mi) - 1 as s G Mi n S but s ^ M 2 and the sM don't 
contribute to d. It remains to check that /3(M 2 ). We will do that for each of the six conjuncts separately. 



The validity of f3\ is clearly preserved, in the sense that|ffijMi) implies |/?i[M 2 ). The same holds for 
/?4 and [^] as places of the form © and do not figure as pre- or postplaces of the transition \s\ . 
Requirement jffij (M 2 ) simply holds, as s £ M 2 , whereas for s' ^ s requirement (M 2 ) is preserved. 
In the same way we obtain |/^M 2 ) , |/^[M 2 ) and|/3^M 2 ). 

Assume M 1 [t\? ] ) N M 2 . Then M 2 = (M x \ {s[ u, ,s H }) U {sj" 1 }. From sj" 1 G Mi we obtain © G Mi 
by[^3'*' u (Mi) and S W g Mi by^Mi). Hence the removal of any s^ u ' does not affect r"^, and we 
have r <= (M 2 ) = r <= (Mi). As the only change in summands contributing to d is the removal of 
we have d(M 2 ) = d(Mi) — 1. Since © G Mi, the removal of does not affect r <;= either, and we 
have t' <= (M 2 ) = r <s= (Mi). Hence [/3i] is preserved. Requirement [^'" (M 2 ) holds (since ^ M 2 ) 
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t'u' 



and^''*' for s' / s or t' / u is preserved. Likewise, |/3^'' n (M2) holds (since ^ M2) and_ 
with s' 7^ s or u' 7^ u is preserved. Requirement |^' t '"(M2) holds (because sj"' G-M2), and(^ '*'' n ' 
with s' 7^ s or -u' 7^ u is preserved. As for[/%]'*'' u with t' 7^ t, by[^jMi) we have (?) ^ Mi and hence 

by[/iP''"(Mi) it must be that s[" ] ^ Mi, and thus s[" ] M 2 . This yields [/%]''' ' n (M 2 ). Since © G Mi 
we have © € M2 and hence ^'''"(¥2) holds. All other instances of (3q are preserved. Requirements 



/?4 and Wjj are preserved as well. 



Assume M 1 [t') N M 2 . Then M 2 = (Mi \ {©,s[" ] | se't, «G s*, [u] / [i]}) U {s | s £ t'} and 
t <s= (M 2 ) = r^(Mi). Again d(M 2 ) = d{Mi) - 1 as the single © contributed 1 + \t"\ whereas all the 
newly produced places s together contribute \t*\. As © € Mi we have 't G r <s= (Mi). Moreover, for 
s £'t and u,v £ s°, [u] / [i], v / t we have ©, G M x , so s, sM,@ ^ Mi byj/gMi) and^Mi) 



and 4 , 4 , « M ^ Mi byj^Mi) and^Mi). Hence © is the only place in Mi that contributes s £*t 



is 



tOT^(Mi). Therefore r^(M 2 ) = {t^(M x ) \'t) Ui*. Hence r^(Mi) [{i})iv r^(M 2 ), so^ 
preserved. Requirements [^3] and [/jg] are easily seen to be preserved as well. Since N' is contact- 

free, we have (r^(Mi) \ *t) n t* = 0, using ^Mi). So for s £ t* we have either s ^ r^(Mi) or 
s € *i. Either possibility implies ^ Mi for u G s*, and © ^ Mi for v £s' ,v ^ t. Hence sM , © G' M2 
for u G s*. Using this, also [^2] and [^7] turn out to be preserved. 

Clause (3): Assume /?(Ml) A Mi [G) N M 2 with £(t) 7^ r for all t G G. Then 

M 2 = (Mi \ °G) UG° = Mi \ I s G *G} U {©, | i G G, s G % « G a', [«] / [t]}. 

For all t G G and sG't we have sM G Mi and hence s G r <s= (Mi). Thus r <s= (Mi)[t) J v'. 
CZa/m 1: Let t £ G, s £ 't and u,v £ s\ Then © ^ Mi and G Mi. 

Proof: Assume, towards a contradiction, that © G Mi. Then 'v C r <s= (Mi) and thus r <s= (Mi)[t>)7v'- 
As s G •tfl'uwehave -iT <i= (Mi)[t,f)Af/, so[/3j7Mi) and DefinitionfTBlyield t#v. and hence [i] = [u]. 
Nevertheless, ^ Mi) gives s M ^ Mi, whereass™ eM^ 

Next assume that sM ^ Mi. Then[||' M '*(Mi) yields 3u G s*. 4* 1 G Mi, and(/%p'*(Mi) gives @G Mi. ^ 
C/az'ra 2: Let tx,t 2 eG with f x / i 2 . Then *ii n *ii = 0. 

Proof: Assume, towards a contradiction, that s G *ii D *i 2 . Then r <;= (Mi)[ti)jv' and 7 x= (Mi)[i 2 )iv', 
but -■r" <= (Mi)[ti,t2)Ar', so[/3^Mi) and Definition [T5l yield fi#t 2 , and hence [ti] = [t 2 ]. But this 
implies si* 1 ! = s^l G °ii n °t 2 , contradicting Mi [G) N -i 

Claim 3: Let t G G, s G *t and w G *s. Then s, © ^ Mi. 

Proof: Since s^GMi we have s£M\ by^^Mi). Assume, towards a contradiction, that© G Mi. Then 
*v C r <s= (Mi) G [M ) TV, using^Mi). As N' is contact-free, we have (r^(Mi) \ *v) n u* = 0. So 
since s G r <;= (Mi) n u* it must be that s G 'v. But then © G" Mi by Claim 1.^ 

Claim 1 implies that *G C r^(Mi), and Claim 2 yields r^(Mi) [G)jv M^ for some M^. By Claim 3 
we have (Mi \ °G) = t^(Mx) \ *G and thus 

r^(M 2 ) = r^((Mi \ °G) U G°) = (r^(Mi) \ *G) UG' = M^. 



It remains to check that /3(M 2 ). First of all, r' 4= (M2) = t <= (M\) and hence /?i is preserved. It is easy 



to see that ^2 §e and ^7] are preserved. Requirement for s £ *G is also preserved, whereas [ffi^ (M 2 ) 



for s G *t, t G G holds with v := t. Requirement [/^j may fail to be preserved only if 3t%, f 2 G G with 
f 1 / t 2 and *ti n *t 2 7^ or if 3t G G and © G Mi with m tD'v ^ 0. These cases are ruled out by 
Claims 2 and 1. Requirement [/%] with s ^ *G is preserved. Since there is no © G Mi with *G n •« 7^ 0, 
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bylA^MQ and ^ Mi) there are no ,s [ v ] G M x with s G *G. Moreover, for all t G G, s G *t and 
lies' with [tt] / [i] we have sM G Mi and hence sM G M 2 . Thus we obtain [/|j](M 2 ) for s G *G. 

Clause (4): By a case distinction on the three summands of d(M x ). 

Assume 3s G Mi n S. Then Mi[{s}) N >. 

Assume 3sf ] G M x . Then byKTMi) also sN g Mi and hence Mi[4" ] )jV'. 



Assume 3© G Mi but G Mi. Then byjgjMi) also 3s| u] G M x for all s G and u G s* with 

[u] ^ [t]. ThusMi[i')jv'- 

Clause (5): d(Mi) = implies Mi n S = and Mi does not contain places of the form (t) or s[ . By 
pet Mi) it doesn't contain places of the form either. Hence all places in Mi have the form sM for 
s£5 and i G s*. Moreover, by l/^Mi), for any s£5 either Mi contains all places s$ with t G s* or 
none. Thus Mi = {sW | s G r^(Mi), t G s*}. Using this, when t^(Ml) [G) N > M' 2 for G C T, there 
is a unique M 2 such that Mi [G) n M 2 . It remains to show that r^M^ = M' 2 . 

First of all, note that M 2 H 5 = 0. Secondly, we have 

{s | s G 5, {s [t] | i G s"} C M 2 } = {s | s G r^(Mi), ^'G} = r^(Mi) \ # G. 
Finally, {s | s G i* A © G M 2 } = {s \ s G i* A t G G} = G*. 

Thus, applying Definitions [Hand El r^(M 2 ) = (r^(Mi) \ *G) UG* = M£. □ 

Definition 20 For A a net and i and action, let A/ i be the net obtained by renaming all occurrences of 
i into r. 



Proposition 2 If N «<s? iV' then A/i A'/i 

Proof <cr, A> is a step ready pair of iV/i iff A has a step ready pair <p, X>, where the sequence a 
can be obtained from p by deleting all €s, and {i} X. □ 



Theorem 2 Any net is step readiness equivalent to its transition-controlled-choice implementation. 

Proof Let N' T = (5, T, F', M , t' T ) be a net and A r = (S U S" T , T U T T , F, M ,£ T ) its transition- 
controlled-choice implementation. Obtain A' from N' T and A from A T by changing all r-labels of 
transitions in T — but not those in T T — into i. Thus N = (S U S T ,T U T T , F, M ,£) where £ satisfies 
£(t) = r if i G T T ; £(t) = i if t G T and £ T (t) = r; and = £ T (t) otherwise. Then N is still 
the transition-controlled-choice implementation of N', and moreover N' has no r-labels. Furthermore, 
N'/i = N' T and N/i = N T . Lemmas [8] and yield N N'. So by Proposition |2] we obtain 
N/i & m A'/i, which is A r r% A"'. □ 



